MFC r297014:

Fix handling of net.inet.ipsec.dfbit=2 variable. IP_DF macro is in host bytes order, but ip_off field is in network bytes order. So, use htons() for correct check. TAG: IPSEC-HEAD (cherry picked from commit a7ce017c2848df1f6ccac912b14d32c38a74c3b8)
author: Luiz Otavio O Souza <luiz@netgate.com> 2016-05-11 13:22:38 -0500
committer: Luiz Otavio O Souza <luiz@netgate.com> 2016-05-12 11:02:22 -0500
commit: 28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa (patch)
tree: ed6babc7aa92444bbe36440620dca8895ba6ce4b
parent: 9250bbe166ee8659d46891c69be77edf5fc94184 (diff)
download: FreeBSD-src-28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa.zip
FreeBSD-src-28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 7045170..c6e89de 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -445,7 +445,7 @@ ipsec_encap(struct mbuf **mp, struct secasindex *saidx)
 			setdf = V_ip4_ipsec_dfbit;
 			break;
 		default:/* propagate to outer header */
-			setdf = (ip->ip_off & ntohs(IP_DF)) != 0;
+			setdf = (ip->ip_off & htons(IP_DF)) != 0;
 		}
 		itos = ip->ip_tos;
 		break;
author	Luiz Otavio O Souza <luiz@netgate.com>	2016-05-11 13:22:38 -0500
committer	Luiz Otavio O Souza <luiz@netgate.com>	2016-05-12 11:02:22 -0500
commit	28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa (patch)
tree	ed6babc7aa92444bbe36440620dca8895ba6ce4b
parent	9250bbe166ee8659d46891c69be77edf5fc94184 (diff)
download	FreeBSD-src-28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa.zip FreeBSD-src-28aacbb4bb8d97a81b7ce091fc51b2ab8e689cfa.tar.gz